author | Edwin Groothuis <wireshark@mavetju.org> | 2019-09-28 01:13:31 +1000 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2019-10-02 22:32:51 +0000 |
commit | 79c8b446b67d71c6e61a2de934769228c5ace0db (patch) | |
tree | 55ff324eec7af9ae642f6a87c16b00f3bcc51f56 | |
parent | b5d6c9922b8ce3446f9584692a7032adeed1db15 (diff) |
TLS: fix heuristics to match a TCP segment with just a TLS record header
The TLS stream of IBM WebSphere doesn't get detected since the TLS
record is sent in two packets: First the five bytes of the TLS record
header, then the TLS record data.
Bug: 16085
Change-Id: Ide8758dc7f6a14e4a5aeb01abc7fcaa42374f675
Reviewed-on: https://code.wireshark.org/review/34634
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
-rw-r--r-- | epan/dissectors/packet-tls.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/epan/dissectors/packet-tls.c b/epan/dissectors/packet-tls.c index 20d719dd2b..a4047bd6b5 100644 --- a/epan/dissectors/packet-tls.c +++ b/epan/dissectors/packet-tls.c @@ -867,10 +867,13 @@ is_sslv3_or_tls(tvbuff_t *tvb) guint16 protocol_version, record_length; /* - * Heuristics should match a non-empty TLS record: - * ContentType (1), ProtocolVersion (2), Length (2), fragment (...) + * Heuristics should match the TLS record header. + * ContentType (1), ProtocolVersion (2), Length (2) + * + * We do not check for an actual payload, IBM WebSphere is known + * to separate the record header and payload over two separate packets. */ - if (tvb_captured_length(tvb) < 6) { + if (tvb_captured_length(tvb) < 5) { return FALSE; } |
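Review bot: With the guard in is_sslv3_or_tls() lowered from `tvb_captured_length(tvb) < 6` to `< 5`, a segment that carries only the five header bytes is now accepted on ContentType, ProtocolVersion and Length alone, so the heuristic has less data to reject non-TLS TCP streams that happen to start with plausible bytes. The checks that follow the guard are not visible in this hunk; please confirm they reject unknown content types, out-of-range protocol versions and an implausible `record_length` (zero, or larger than a TLS record may be) before the function returns TRUE. The new comment would also be easier to trace if it cited Bug 16085, and its last sentence is a comma splice: split it after "We do not check for an actual payload."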